Hello, following the announcement by the Crosswalk team of the abandonment of the shared process model in favour of the single process model (which actually creates two processes), I want to raise a few remarks and open questions linked to that change.

A) Loss of trusted status.
---------------------------------
In the shared process model, the Browser process and Renderer process were running with system privileges and were protected by a specific Smack label. No App could fake the Browser process, and for that reason the system was able to trust it, which allowed us to locate the enforcement of some App privileges at that level (at least on paper, as in the real world the implementation proved to be a serious challenge, forcing the Crosswalk team to abandon that model).

In the new model the Browser Process will run with the same AppID as the App itself. It means that the system will not be able to differentiate both reliably and so we will not be able to trust the Browser process any more for capability enforcement. With this change, the requirement for implementing the support of Native App privileges enforcement becomes urgent.

B) Browser Process and App are both untrusted
---------------------------------------------------------------
We need to treat Crosswalk running an HTML5 App as a native App and enforce the privileges externally, which will be done by a bundle of tools which includes (Smack labels and Smack rules, Cynara, special groups).

C) My questions
-----------------------
1) The security model for native Apps was agreed during the Aug14 Security workshop in Vannes. Where is the associated documentation located? In particular the list of privileges applicable to native Apps.
2) Do we have a 1:1 mapping between HTML5 and Native privileges? If not (what I expect), where is that mapping?
3) What is the exact list of privilege enforcements which were "subcontracted" to the browser process in the shared process model?
4) What is the timetable for implementation of the Native App privilege enforcement?

Regards
--
Dominig ar Foll
Senior Software Architect
Intel Open Source Technology Centre
